Lucene search

8980 matches found

Positive Technologies
added 2024/09/09 12:0 a.m. · 4 views

PT-2024-37870 · Baxter · Baxter Connex

Name of the Vulnerable Software and Affected Versions: Baxter Connex health portal versions prior to 8/30/2024 Description: An improper access control issue exists in the Baxter Connex health portal, which could allow an unauthenticated attacker to gain unauthorized access to the portal's databas...

CVSS 9.1 · AI score 7.2 · EPSS 0.00419
Exploits: 0 · References: 8
NVD
added 2024/09/07 12:15 p.m. · 21 views

CVE-2024-7112

The Pinpoint Booking System – 1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

CVSS 8.8 · EPSS 0.00582
Exploits: 0 · References: 4
OSV
added 2024/09/06 7:15 a.m. · 13 views

CVE-2024-7349

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 7.2 · AI score 7.2
Exploits: 0 · References: 2
RedHat Linux
added 2024/09/03 2:26 a.m. · 12 views

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...

CVSS 8.8 · AI score 6.8 · EPSS 0.00743
Exploits: 0 · References: 2
Packet Storm
added 2024/09/01 12:0 a.m. · 216 views

Dolibarr 16 Pre-auth Contact Database Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dolibarr 16 pre-auth contact database dump', 'Description' = %q Dolibarr version 16 'Vladimir TOUTAIN', 'Nolan LOSSIGNOL-DRILLIEN' , 'License' =...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/09/01 12:0 a.m. · 166 views

WordPress Total Upkeep Unauthenticated Backup Downloader

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Total Upkeep Unauthenticated Backup Downloader', 'Description' = %q This module exploits an unauthenticated database backup vulnerabili...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/09/01 12:0 a.m. · 160 views

Carlo Gavazzi Energy Meters Login Brute Force, Extract Info And Dump Plant Database

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Carlo Gavazzi Energy Meters - Login Brute Force, Extract Info and Dump Plant Database', 'Description' = % This module scans for Carlo Gavazzi...

CVSS 7.5 · AI score 7.1 · EPSS 0.64606
Exploits: 2
Packet Storm
added 2024/08/31 12:0 a.m. · 141 views

Network Shutdown Module sort_values Credential Dumper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Network Shutdown Module sortvalues Credential Dumper', 'Description' = %q This module will extract user credentials from Network Shutdown Module...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/08/31 12:0 a.m. · 198 views

BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure', 'Description' = %q This module exploits a...

CVSS 7.5 · AI score 7 · EPSS 0.82177
Exploits: 15
Packet Storm
added 2024/08/31 12:0 a.m. · 208 views

WordPress W3-Total-Cache 0.9.2.4 Username / Hash Extraction

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3-Total-Cache Plugin 0.9.2.4 or before Username and Hash Extract', 'Description' = "The W3-Total-Cache Wordpress Plugin MSFLICENSE,...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/08/31 12:0 a.m. · 390 views

Apache Superset Signed Cookie Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Superset Signed Cookie Priv Esc', 'Description' = %q Apache Superset versions 'h00die', MSF module 'paradoxis', original flask-unsign tool...

CVSS 9.8 · AI score 7.2 · EPSS 0.84026
Exploits: 20
CVE
added 2024/08/30 2:14 a.m. · 52 views

CVE-2024-8327

CVE-2024-8327 affects the Easy Test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY. The issue is an SQL injection caused by improper validation of a specific page parameter, enabling remote attackers with regular privileges (network access, no UI interaction) to read, modif...

CVSS 8.8 · AI score 9.1 · EPSS 0.02589
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2024/08/30 12:0 a.m. · 2 views

Computer Laboratory Management System SQL Injection Vulnerability

Computer Laboratory Management System is an open source computer laboratory management system from SourceCodester. A SQL injection vulnerability exists in Computer Laboratory Management System version 1.0, which originates from a SQL injection vulnerability in the id parameter of the...

CVSS 9.8 · AI score 7 · EPSS 0.00225
Exploits: 1 · References: 7
Github Security Blog
added 2024/08/29 5:59 p.m. · 16 views

"powermail" (powermail) Insecure Direct Object Reference (IDOR)

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...

CVSS 7.3 · AI score 6.9 · EPSS 0.0022
Exploits: 0 · References: 8 · Affected Software: 1
NVD
added 2024/08/29 11:15 a.m. · 18 views

CVE-2024-29728

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/inscribeUsuario/ , parameter idDesafi...

CVSS 9.8 · EPSS 0.00188
Exploits: 0 · References: 1
NVD
added 2024/08/29 11:15 a.m. · 7 views

CVE-2024-29731

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/checkBlindFields/ , parameters...

CVSS 9.8 · EPSS 0.00188
Exploits: 0 · References: 1
NVD
added 2024/08/29 11:15 a.m. · 19 views

CVE-2024-29729

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/generateShortURL/, parameter url...

CVSS 9.8 · EPSS 0.00188
Exploits: 0 · References: 1
NVD
added 2024/08/29 11:15 a.m. · 10 views

CVE-2024-29723

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/conexiones/ax/openTracExt/, parameter...

CVSS 9.8 · EPSS 0.00188
Exploits: 0 · References: 1
NVD
added 2024/08/29 11:15 a.m. · 7 views

CVE-2024-29725

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/app/ax/sortbloques/, parameter list...

CVSS 9.8 · EPSS 0.00188
Exploits: 0 · References: 1
NVD
added 2024/08/29 11:15 a.m. · 10 views

CVE-2024-29724

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. These vulnerabilities could allow an attacker to retrieve, update and delete all information in the database by sending a specially crafted SQL query: https://XXXXXXX.saludydesafio.com/ax/registerSp/, parameter idDesafio...

CVSS 9.8 · EPSS 0.00188
Exploits: 0 · References: 1